Content deleted Content added
cleanup |
→References: Added links Tags: Mobile edit Mobile app edit Android app edit |
||
Line 40:
The client uses [[profile configuration file]]s (.pcf) that store VPN passwords either [[cryptographic hash function|hashed]] with [[type 7]], or stored as [[plaintext]]. A vulnerability has been identified,<ref name=cSec>{{cite web|url=https://www.cisco.com/en/US/tech/tk583/tk372/technologies_security_notice09186a0080215981.html|title=Cisco Security Notice: Cisco IPsec VPN Implementation Group Password Usage Vulnerability}}</ref> and those passwords can easily be decoded using software or online services.<ref>{{cite web|url=http://www.unix-ag.uni-kl.de/~massar/bin/cisco-decode|title=Cisco Systems VPN Client Group Password Decoder}}</ref> To work around these issues, network administrators are advised to use the Mutual Group Authentication feature, or use unique passwords (that aren't related to other important network passwords).<ref name=cSec/>
==See also==
[[Cisco AnyConnect]]
==References==
| |||